REMARKS/ARGUMENTS

Claims 1, 2, 3, 4, 5, 8-10, 14-17, 18, 22, and claims 25-28 are amended and claims 2 
and 26 are canceled herein. With entry of this amendment, claims 1, 3-25, and 27-28 will be 
pending. 

Claims 1, 3-25, and 27-28 stand rejected under 35 U.S.C. 103 as being unpatentable 
over U.S. Patent Publication No. US 2002/0034939 (Wenzel) in view of U.S. Patent No. 
7,107,620 (Haverinen). 

Wenzel discloses use of AAA protocols for authentication of physical devices in IP 
networks. As shown in Fig. 1, a mobile access terminal 104 is coupled to communicate with 
an access network controller (ANC) 108. ANC 108 is coupled to communicate with a 
NAS/PSDN 116 and an AN-AAA server 120 (referred to by the Examiner as the second
AAA server). NAS/PSDN 116 is coupled to communicate with a data packet network 124 by way of a local
server 122 (referred to by the Examiner as the first AAA server). The AN-AAA server 120
authenticates the identity of the access terminal 104 and other devices that seek access to the 
data packet network 124 through the wireless data network 100. In rejecting the claims, the 
Examiner interprets the NAS/PSDN 116 and ANC 108 as a gateway.

Applicants' invention, as set forth in the claims, is directed to a method for providing
authentication and accounting in a virtual private network having a first AAA server. 
Authentication of a remote user is performed at the first AAA server without contacting a 
second AAA server, which is not located within the virtual private network and is associated 
with the virtual home gateway. Claims 1, 14, 18, and 25 have been amended to further 
specify that associating the remote user comprises receiving a virtual private network ID and 
address of the first AAA server. 

In contrast to applicants' invention, Wenzel uses the second AAA server 120 to 
perform authentication (see, paragraphs [0031] - [0033], for example). ANC 108 does not 
communicate with NAS/PSDN until it has received instructions from AN-AAA server 120 
(paragraph [0036]). Once a communication link is established between NAS/PSDN 116 and
access terminal 104, based on authentication at the second AAA server 120, NAS/PSDN 
produces authorization information signals to local AAA server (first server) 122 (paragraph 
[0038]). Thus, while the NAS/PSDN 116 makes final determinations as to whether a
connection may be established, AN-AAA server 120 performs the preliminary
authentication and makes a determination that is relied upon by the NAS/PSDN in 
determining whether to establish a connection. Systems such as disclosed in Wenzel which 
require communication between AAA servers can pose a serious security risk. 

Furthermore, Wenzel does not show or suggest receiving a request from a remote 
user for connection with a virtual private network at a virtual home gateway. Instead, 
Wenzel teaches communication with a data packet network using two AAA servers, neither 
server located within the data packet network. 

Moreover, Wenzel does not disclose sending accounting information directly to first 
and second AAA servers, as set forth in claims 1, 14, and 25. In rejecting the claims, the 
Examiner refers to paragraphs 0040 and 0043 of Wenzel. These paragraphs describe how 
random numbers and access grant/deny signals are generated and transmitted. There is no 
discussion of transmitting accounting information. 

As noted by the Examiner, Wenzel also does not disclose performing a lookup of a 
first AAA server address at a virtual home gateway. Since the AAA server 122 is local to 
the NAS/PDSN 116, there is no reason to perform a lookup to find the AAA server. In
contrast to Wenzel, the first AAA server of applicants' invention is located within the virtual 
private network, thus the gateway has to perform a lookup to find the address of the AAA 
server associated with the virtual private network. 

Haverinen et al. describe authentication in a packet data network. A mobile IP 
network MIP is connected to GSM_B by a GSM authentication gateway (GAGW). The
GAGW couples together a server in the GSM_B and a server in the MIP network. The two
AAA servers (HAAA and FAAA) are associated with one another and directly coupled 
through the GAGW. Thus, there is no need to perform a lookup of an address of the
associated AAA server. 

Furthermore, the cited references do not show or suggest receiving a virtual private 
network ID and address of an AAA server of the virtual private network at a virtual home 
gateway. As previously discussed, the user in Wenzel is not attempting to contact a virtual 
private network. In rejecting the claims, the Examiner refers to paragraph [0038] of 
Wenzel. This section of the patent application describes how the NAS/PSDN 116 (referred 
to by the Examiner as the gateway) produces authorization information signals to a local 
AAA server 122. There is no teaching of receiving a virtual private network ID or address 
of a VPN AAA server at the gateway. 

Accordingly, claims 1, 14, and 25 are submitted as patentable over Wenzel and
Haverinen et al. 

Claims 3-13, depending from claim 1, claims 15-24, depending from claim 14, and 
claims 27-28, are submitted as patentable for at least the same reasons as their base 
independent claims. 

Regarding claims 4, 5, 22, 27, and 28, the cited references do not show or suggest 
sending a request to a service provider AAA server to authorize the remote user. In 
contrast, Wenzel uses a local AAA server (referred to by the Examiner as the first AAA 
server) to authorize a user. 

Claim 6 is further submitted as patentable because the cited references do not show 
or suggest sending a request to authenticate a remote user comprising routing the request
using a customer routing table of a virtual private network. In rejecting the claim, the
Examiner refers to col. 12, lines 14-16 of Haverinen et al. This section of the patent 
describes communication between two AAA servers. As noted above, applicants' invention 
provides authentication without direct communication between two AAA servers. 
Furthermore, Haverinen et al. do not teach routing an authentication request using a 
customer routing table of a virtual private network. 

With regard to claims 8, 9, 10, and 16, Wenzel does not discuss sending an
accounting request to the AAA servers. As previously noted, the paragraphs referenced by 
the Examiner refer to generating authorization/deny signals. 

The Examiner has not provided any support for rejection of claims 15-17. 

For the foregoing reasons, Applicants believe that all of the pending claims are in 
condition for allowance and should be passed to issue. If the Examiner feels that a 
telephone conference would in any way expedite the prosecution of the application, please 
do not hesitate to call the undersigned at (408) 399-5608. 



Respectfully submitted,



Cindy S. Kaplan 
Reg. No. 40,043 